Today the Hawaiian State House debated a newly introduced piece of legislation, H.B. 2288, which would create a massive requirement for Hawaiian businesses to gather dossiers about all of their customers and store them for two years. The bill, a little shorter than two pages in length, would not just mandate retention of assigned IP addresses, along with user information like name and address, but also a log of every single website across the Internet that each user visits.
The bill also does not take into account small businesses that offer incidental wireless Internet access, such as coffee shops or libraries. The cost of implementing a system capable of storing this type of data is also not addressed by the legislation.
The following comments can be attributed to Computer & Communications Industry Association President & CEO Ed Black:
“This proposed legislation represents a stunningly simplistic overreach into a deeply technical area of law. It is at the same time infeasible to implement, overbroad in its application, and a violation of basic privacy best practices. This is another example of government reaching to exploit technology that makes possible vastly increased surveillance of the public.”
“Government already has the ability to order any ISP to retain certain information without a court order. This existing method of data preservation is much less burdensome, creates a much smaller privacy impact, and provides a small opportunity for abuse by government officials.”